Following security breach, expect a lot of spam


The client database for Epsilon was breached, and all of the customer email addresses and names listed in that database were obtained by hackers. Epsilon is the world's largest permission-based email service, sending over 40 billion emails annually. It has over 2,500 clients, including Target, JP Morgan Chase, Capital One, Best Buy, Walgreens, and TiVo, for which it builds and hosts customer databases. This is an enormous list of email addresses that the hackers were able to obtain. No passwords or other personal information were exposed; however, this breach still puts many people at risk of spam and spear-phishing attacks. The spam that recipients could receive as a result of the breach may appear to come from companies that they trust and expect emails from. Clicking on the emails or the links within them may allow scammers to upload malware that could obtain more sensitive information by recording passwords and more. The links could even allow scammers to take over the computer by turning it into a bot.

This article does not explain exactly how the hackers were able to access the database, but it appears that Epsilon could have taken measures to prevent this breach. The article states that other sensitive data such as passwords were not accessed, so Epsilon could have applied the same security measures that it had enabled on the password files. At minimum, the stored emails and names should have been encrypted so that if hackers had been able to get access to the database, they would not have been able to read the data. The company should also have better secured the network to prevent unauthorized access, and it should investigate where the intrusion occurred to prevent this from happening again. It is a good possibility that it had an ineffective firewall that did not detect the hacker and allowed access to the sensitive files. Auditing the log files may give the company an idea of how the hackers were able to get in, so that the attack can be prevented from happening again.


Denial-of-Service Attack Knocks Twitter Offline (Updated)


Twitter was hit with an ongoing denial-of-service attack that caused the site to be down for more than three hours. The attack was a malicious effort in which the attacker bombarded the server with more requests than it could keep up with, causing it to crash or reset. Legitimate users were unable to access the server. In addition to the site being down, client applications that depended on the Twitter API were also unable to connect to the service. Twitter was completely blacked out, affecting more than 44 million registered users in the U.S. and worldwide. Many businesses also depend on the site for the quick communication of information. The US State Department has even integrated with the site for information during important events such as the anti-government protests in Iran. Long periods of outage could have a negative effect on the many businesses that have become dependent on information from the site.

Denial-of-service attacks are difficult to stop, and the article did not give specific details on the attack, but there are a few ways of thwarting DoS attacks that Twitter could have used. The first defense should have been the firewall. If this was a SYN/ACK DoS attack, the firewall could have pre-validated the TCP handshake and created a false open by sending back a SYN/ACK segment without passing the SYN on to the server. The firewall would not set aside resources for a connection as the server would normally do, minimizing the effect of the false SYN segments and of the attack. However, the firewall could actually have added to the problem if it did not have enough processing power, by simply dropping all packets that it could not process. A better firewall, with a higher attack identification confidence, could also have been used to detect and stop attack packets. Another method of stopping the attack would be to black hole all the IP packets from the attacker. However, if the attacker had been quickly changing source IP addresses, this method may not have been effective.
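The handshake pre-validation described above can be sketched as a small simulation. This is an added example, not taken from the article or from any Twitter configuration; the `SynProxy` class, the addresses and the traffic are constructed, and it assumes the firewall stays stateless by deriving its SYN/ACK sequence number from an HMAC over the flow (the SYN-cookie idea).

```python
import hashlib
import hmac
import os

MOD = 2 ** 32                 # TCP sequence numbers are 32-bit
SECRET = os.urandom(32)       # firewall-local key (constructed for this example)

def cookie(src_ip, src_port, dst_port, client_isn, epoch):
    """Derive the SYN/ACK sequence number from the flow itself, so nothing is stored."""
    msg = f"{src_ip}|{src_port}|{dst_port}|{client_isn}|{epoch}".encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:4], "big")

class SynProxy:
    """Hypothetical firewall front end that completes the handshake before the server sees it."""

    def __init__(self, window=64):
        self.window = window   # seconds per cookie epoch
        self.forwarded = []    # flows handed to the server after validation

    def on_syn(self, src_ip, src_port, dst_port, client_isn, now):
        # "False open": answer SYN/ACK ourselves, allocate no per-connection state.
        seq = cookie(src_ip, src_port, dst_port, client_isn, int(now) // self.window)
        return {"flags": "SYN/ACK", "seq": seq, "ack": (client_isn + 1) % MOD}

    def on_ack(self, src_ip, src_port, dst_port, seq, ack, now):
        # A real client echoes our cookie + 1; a spoofed source never sees the cookie.
        client_isn = (seq - 1) % MOD
        epoch = int(now) // self.window
        for e in (epoch, epoch - 1):          # accept the current and previous epoch
            if (ack - 1) % MOD == cookie(src_ip, src_port, dst_port, client_isn, e):
                self.forwarded.append((src_ip, src_port, dst_port))
                return True
        return False

def simulate(flood_size=10000):
    """Constructed traffic: spoofed SYNs that never ACK, plus one real client."""
    fw = SynProxy()
    for i in range(flood_size):
        fw.on_syn(f"198.51.100.{i % 250}", 1024 + i % 60000, 443, i, now=1000)
    reply = fw.on_syn("203.0.113.7", 40000, 443, 5555, now=1000)
    ok = fw.on_ack("203.0.113.7", 40000, 443, 5556, (reply["seq"] + 1) % MOD, now=1001)
    return ok, fw.forwarded

if __name__ == "__main__":
    print(simulate())
```

Only the flow that returns a valid ACK is handed to the server; the flood costs the firewall one HMAC per SYN and no memory, which is also why an underpowered firewall can still become the bottleneck.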

50/50